diff --git a/2013/4xxx/CVE-2013-4786.json b/2013/4xxx/CVE-2013-4786.json
index d0d89913380..c825f1680f9 100644
--- a/2013/4xxx/CVE-2013-4786.json
+++ b/2013/4xxx/CVE-2013-4786.json
@@ -76,6 +76,11 @@
 "name": "HPSBHF02981",
 "refsource": "HP",
 "url": "http://marc.info/?l=bugtraq&m=139653661621384&w=2"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0005/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16487.json b/2018/16xxx/CVE-2018-16487.json
index 48607aaca9b..343362fb912 100644
--- a/2018/16xxx/CVE-2018-16487.json
+++ b/2018/16xxx/CVE-2018-16487.json
@@ -56,6 +56,11 @@
 "name": "https://hackerone.com/reports/380873",
 "refsource": "MISC",
 "url": "https://hackerone.com/reports/380873"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3721.json b/2018/3xxx/CVE-2018-3721.json
index 9b51f75fe7e..d0eb9f274b4 100644
--- a/2018/3xxx/CVE-2018-3721.json
+++ b/2018/3xxx/CVE-2018-3721.json
@@ -62,6 +62,11 @@
 "name": "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a",
 "refsource": "MISC",
 "url": "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010266.json b/2019/1010xxx/CVE-2019-1010266.json
index 5d3e1375bd8..2877761f84c 100644
--- a/2019/1010xxx/CVE-2019-1010266.json
+++ b/2019/1010xxx/CVE-2019-1010266.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/lodash/lodash/wiki/Changelog",
 "url": "https://github.com/lodash/lodash/wiki/Changelog"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0004/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11245.json b/2019/11xxx/CVE-2019-11245.json
index 4c2129778df..ada2d8773e5 100644
--- a/2019/11xxx/CVE-2019-11245.json
+++ b/2019/11xxx/CVE-2019-11245.json
@@ -90,6 +90,11 @@
 "name": "https://github.com/kubernetes/kubernetes/issues/78308",
 "refsource": "CONFIRM",
 "url": "https://github.com/kubernetes/kubernetes/issues/78308"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11246.json b/2019/11xxx/CVE-2019-11246.json
index 71c6813dc01..d77d041f184 100644
--- a/2019/11xxx/CVE-2019-11246.json
+++ b/2019/11xxx/CVE-2019-11246.json
@@ -130,6 +130,11 @@
 "name": "[ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
 "refsource": "MLIST",
 "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/NLs2TGbfPdo"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11247.json b/2019/11xxx/CVE-2019-11247.json
index 33ce85a79c9..aae11b6c36c 100644
--- a/2019/11xxx/CVE-2019-11247.json
+++ b/2019/11xxx/CVE-2019-11247.json
@@ -120,6 +120,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2690",
 "url": "https://access.redhat.com/errata/RHSA-2019:2690"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11248.json b/2019/11xxx/CVE-2019-11248.json
index 592f5332584..00d4505f9ed 100644
--- a/2019/11xxx/CVE-2019-11248.json
+++ b/2019/11xxx/CVE-2019-11248.json
@@ -130,6 +130,11 @@
 "name": "CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port",
 "refsource": "MLIST",
 "url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11249.json b/2019/11xxx/CVE-2019-11249.json
index c95a788d006..74e6b222c15 100644
--- a/2019/11xxx/CVE-2019-11249.json
+++ b/2019/11xxx/CVE-2019-11249.json
@@ -133,6 +133,11 @@
 "name": "https://github.com/kubernetes/kubernetes/issues/80984",
 "refsource": "CONFIRM",
 "url": "https://github.com/kubernetes/kubernetes/issues/80984"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11250.json b/2019/11xxx/CVE-2019-11250.json
index a71f3d16380..18f23f1bf7d 100644
--- a/2019/11xxx/CVE-2019-11250.json
+++ b/2019/11xxx/CVE-2019-11250.json
@@ -81,6 +81,11 @@
 "name": "https://github.com/kubernetes/kubernetes/issues/81114",
 "refsource": "CONFIRM",
 "url": "https://github.com/kubernetes/kubernetes/issues/81114"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json
index fd48ca3f2e2..20a492f1394 100644
--- a/2019/11xxx/CVE-2019-11358.json
+++ b/2019/11xxx/CVE-2019-11358.json
@@ -246,6 +246,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2587",
 "url": "https://access.redhat.com/errata/RHSA-2019:2587"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15032.json b/2019/15xxx/CVE-2019-15032.json
new file mode 100644
index 00000000000..90f86a4e3a3
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15032.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15032",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/"
+ },
+ {
+ "url": "https://pydio.com",
+ "refsource": "MISC",
+ "name": "https://pydio.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://heitorgouvea.me/2019/09/17/CVE-2019-15032",
+ "url": "https://heitorgouvea.me/2019/09/17/CVE-2019-15032"
+ }
+ ]
+ }
+}
\ No newline at end of file
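Review bot: The new CVE-2019-15032 record leaves every structured field as a placeholder: `vendor_name`, `product_name` and `version_value` are all `"n/a"` and the `problemtype` value is `"n/a"`, although the description names Pydio 6.0.8. Tools that match on the `affects` block rather than on free text will not associate this record with Pydio, so I would populate them, for example `"product_name": "Pydio"` and `"version_value": "6.0.8"`. The problem type could carry a CWE string; the description reads like information exposure through an error message (CWE-209), which should be confirmed against the referenced write-up. The same applies to the CVE-2019-15033 record that follows, where the description itself says SSRF (CWE-918). Neither description states a fixed version or a mitigation, which anyone triaging these would want if one exists.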
diff --git a/2019/15xxx/CVE-2019-15033.json b/2019/15xxx/CVE-2019-15033.json
new file mode 100644
index 00000000000..c0c143921d1
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15033.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/",
+ "refsource": "MISC",
+ "name": "https://sourceforge.net/projects/ajaxplorer/files/pydio/stable-channel/"
+ },
+ {
+ "url": "https://pydio.com",
+ "refsource": "MISC",
+ "name": "https://pydio.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://heitorgouvea.me/2019/09/17/CVE-2019-15033",
+ "url": "https://heitorgouvea.me/2019/09/17/CVE-2019-15033"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16097.json b/2019/16xxx/CVE-2019-16097.json
index 6d609248013..a5be359303e 100644
--- a/2019/16xxx/CVE-2019-16097.json
+++ b/2019/16xxx/CVE-2019-16097.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.9.0-rc1."
+ "value": "core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API. This is fixed in 1.7.6 and 1.8.3."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "url": "https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1",
 "refsource": "MISC",
 "name": "https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/",
+ "url": "https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/"
 }
 ]
 },
diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json
index 5433dea5ca1..ebe45924265 100644
--- a/2019/1xxx/CVE-2019-1547.json
+++ b/2019/1xxx/CVE-2019-1547.json
@@ -107,6 +107,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
 "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1549.json b/2019/1xxx/CVE-2019-1549.json
index af0d648a7b7..eb1fd033db3 100644
--- a/2019/1xxx/CVE-2019-1549.json
+++ b/2019/1xxx/CVE-2019-1549.json
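Review bot: The rewritten description in the first CVE-2019-16097 hunk now says the issue is fixed in 1.7.6 and 1.8.3 but still gives the affected range as "1.7.0 through 1.8.2", and by version order 1.7.6 falls inside that range. A scanner or analyst reading the range literally would treat the fixed 1.7.6 release as vulnerable; I would state the range per branch, e.g. `Harbor 1.7.x before 1.7.6 and 1.8.x before 1.8.3`, after confirming against the vendor advisory that no earlier 1.7.x release carries the fix. The reference list in the second hunk still points only at the `v1.8.2...v1.9.0-rc1` compare view, so a link to the 1.7.6 / 1.8.3 release notes or the fix commit would back the new wording.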
@@ -1,11 +1,11 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "openssl-security@openssl.org",
- "DATE_PUBLIC": "2019-09-10",
- "ID": "CVE-2019-1549",
- "STATE": "PUBLIC",
+ "ASSIGNER": "openssl-security@openssl.org",
+ "DATE_PUBLIC": "2019-09-10",
+ "ID": "CVE-2019-1549",
+ "STATE": "PUBLIC",
 "TITLE": "Fork Protection"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -13,7 +13,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "OpenSSL",
+ "product_name": "OpenSSL",
 "version": {
 "version_data": [
 {
@@ -23,59 +23,64 @@
 }
 }
 ]
- },
+ },
 "vendor_name": "OpenSSL"
 }
 ]
 }
- },
+ },
 "credit": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Matt Caswell"
 }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."
}
 ]
- },
+ },
 "impact": [
 {
- "lang": "eng",
- "url": "https://www.openssl.org/policies/secpolicy.html#Low",
+ "lang": "eng",
+ "url": "https://www.openssl.org/policies/secpolicy.html#Low",
 "value": "Low"
 }
- ],
+ ],
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Random Number Generation"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "name": "https://www.openssl.org/news/secadv/20190910.txt",
- "refsource": "CONFIRM",
+ "name": "https://www.openssl.org/news/secadv/20190910.txt",
+ "refsource": "CONFIRM",
 "url": "https://www.openssl.org/news/secadv/20190910.txt"
- },
+ },
 {
- "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
- "refsource": "CONFIRM",
+ "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
+ "refsource": "CONFIRM",
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json
index d5151648316..9cd745aa97c 100644
--- a/2019/1xxx/CVE-2019-1563.json
+++ b/2019/1xxx/CVE-2019-1563.json
@@ -102,6 +102,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
 "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190919-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
 }
 ]
 }